参考网址:
https://www.cnblogs.com/reboot51/p/8328720.html
https://www.elastic.co/guide/en/x-pack/5.6/actions-email.html #邮件设置
elasticsearch 配置
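# Watcher e-mail account definition for elasticsearch.yml. The nesting is
# restored here: exchange_account is the account name, and profile,
# email_defaults and smtp are its children.
xpack.notification.email.account:
  exchange_account:
    profile: outlook
    email_defaults:
      # Default sender for e-mail actions that use this account. The address
      # is masked in this listing; substitute the real one.
      from: [email protected]
    smtp:
      auth: true
      # NOTE(review): as configured, authentication is on while STARTTLS is
      # off, so the SMTP login and the alert contents travel to the relay
      # unencrypted. Enable STARTTLS, or use the provider's TLS port, if the
      # relay supports it.
      starttls.enable: false
      host: smtpdm.aliyun.com
      port: 25
      user: [email protected]
      # NOTE(review): plaintext credential in elasticsearch.yml. Keep the file
      # readable only by the Elasticsearch service user. Releases that support
      # it read this value from the keystore as smtp.secure_password instead.
      password: hkxxx2016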
watcher 配置
1.syslog 数量监控
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"syslog-*"
],
"types": [],
"body": {
"size": 0,
"query": {
"range": {
"@timestamp": {
"gt": "now-1m"
}
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 10
}
}
},
"actions": {
"email": {
"throttle_period_in_millis": 60000,
"email": {
"profile": "outlook",
"priority": "high",
"to": [
"[email protected]"
],
"subject": "syslog 产生{{ctx.payload.hits.total}}条记录 ",
"body": {
"html": "syslog索引 一分钟内产生{{ctx.payload.hits.total}}条记录,请注意查看"
}
}
}
}
}
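2.elastic 状态报警(注意:下面的 http input 以明文 http、不带任何认证访问 /_cluster/health;如果集群启用了 X-Pack security,需要在 request 中配置 auth.basic 的用户名和密码,并将 scheme 改为 https)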
{
"trigger": {
"schedule": {
"interval": "1m"
}
},
"input": {
"http": {
"request": {
"scheme": "http",
"host": "10.25.234.176",
"port": 9200,
"method": "get",
"path": "/_cluster/health",
"params": {},
"headers": {}
}
}
},
"condition": {
"compare": {
"ctx.payload.status": {
"not_eq": "green"
}
}
},
"actions": {
"email": {
"throttle_period_in_millis": 60000,
"email": {
"profile": "outlook",
"priority": "high",
"to": [
"[email protected]"
],
"subject": "elasticsearch状态为{{ctx.payload.status}},注意查看",
"body": {
"html": "elasticsearch状态为{{ctx.payload.status}},注意查看!"
}
}
}
}
}
3.延时报警(Watcher 的 cron 按 UTC 时间计算;下面的表达式表示周一至周五、UTC 1 点到 6 点之间每 30 秒触发一次)
{
"trigger": {
"schedule": {
"cron": "0/30 * 1-6 ? * 2-6"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"simulation_adjust_job*"
],
"types": [],
"body": {
"size": 0,
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "task_accumulative_time_consuming:>3000"
}
},
{
"range": {
"@timestamp": {
"gt": "now-30s"
}
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
]
}
}
}
},
"condition": {
"compare": {
"ctx.payload.hits.total": {
"gte": 3
}
}
},
"actions": {
"email": {
"throttle_period_in_millis": 60000,
"email": {
"profile": "outlook",
"priority": "high",
"to": [
"[email protected]"
],
"subject": "【严重】模拟交易成交时间",
"body": {
"html": "30s内成交时间超过3秒的有{{ctx.payload.hits.total}}条记录,请注意查看!"
}
}
}
}
}